Cryptography
Table of Contents
- Introduction
- Types of Cryptography
- Ciphers
- Key Exchange
- Hashing
- Digital Signatures
- Digital Certificates and Certificate Revocation (OCSP and CRL)
- PGP
- Perfect Forward Secrecy
- Resources
Introduction
- Cryptology is the scientific study of Cryptography and Cryptanalysis.
- Cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries.
- Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
- 7 Cryptography Concepts EVERY Developer Should Know
- Security Pitfalls in Cryptography
- Why Cryptography Is Harder Than It Looks
- Cryptographic Right Answers
NOTE: When ‘Sign and then Encrypt’ or ‘Encrypt and then Sign’ is discussed, it is important to remember that the encryption key and the signing key belong to different hosts. The signing key usually belongs to the one sending the message, and the encryption key usually belongs to the one the message is being sent to.
Types of Cryptography
Ciphers
Feistel
- Feistel Cipher
- Modes of Operation
- EXTRA BITS: Feistel Modes of Operation Code
- Securing Stream Ciphers (HMAC)
AES
- AES: Advanced Encryption Standard
- Block size: 128 bits
- Key size: 128, 192 or 256 bits
- No. of rounds: 10, 12 and 14 for key sizes of 128, 192 and 256 bits respectively
- SP Networks
- Rijndael algorithm (the base of AES)
- AES Explained
- 128 Bit or 256 Bit Encryption?
- In depth working of AES (Hindi)
DES, 2DES, 3DES
- DES: Data Encryption Standard
- Block size: 64 bits
- Key size: 56 bits effective (64 bits as stored, including parity bits)
- The 64-bit key is made of eight chunks of eight bits each. The eighth bit in each chunk is a parity bit and is discarded, so the actual key length is 64 - 8 = 56 bits.
- No. of rounds: 16
- Prerequisite
- Hindi
- English
- http://wesecure.net/learn/index.html
Blowfish
- Block size: 64 bits (Twofish has a block size of 128 bits.)
- Key size: 32 to 448 bits (The default is 128 bits.)
- No. of rounds: 16
- Blowfish Explained
RC5
- RC: Rivest/Ron’s Cipher
- Block size: 32, 64 or 128 bits
- Key size: 0 to 2040 bits
- No. of rounds: 0 to 255
Key Exchange
Diffie-Hellman
- Key exchange algorithm
- End to End Encryption (E2EE)
- Secret Key Exchange (Diffie-Hellman)
- Diffie-Hellman - the Mathematics bit
- Key Exchange Problems (includes explanation on RSA)
- Elliptic Curves
- Elliptic Curve Back Door
- ‘Ephemeral’ means ‘something that is short lasting’.
- ECDH = Elliptic Curve Diffie-Hellman
- ECDH in SSH
- Perfect Forward Secrecy (FS or PFS)
Hashing
SHA
- Secure Hash Algorithm
- SHA
- SHA1 Problems
Digital Signatures
- Help in establishing message integrity and authenticity, i.e., proving that a particular person/origin sent the data.
- Message Authentication Codes (MACs) are symmetric key protocols, while Digital Signatures are asymmetric/public key protocols.
- What are Digital Signatures?
- Digital Signatures: What They Are & How They Work
- Digital Signatures
Digital Certificates and Certificate Revocation (OCSP and CRL)
- SSL/TLS Certificates
- Hijacking domains locally by tricking the browser into accepting fake certificates
- Compressing Certificates in TLS
- Certificate Revocation Techniques (CRL, OCSP, OCSP Stapling)
- Shared vs Private SSL/TLS Certificates
- The SSL Certificate Issuer Field is a Lie (Credits)
- No More Extended Validation Certificate Overhead from Chrome 106
- Revocation checking and Google Chrome CRLSet
- Revocation Doesn’t Work
- The Impact of SSL Certificate Revocation on Web Performance
- A no-bull technical guide to EV HTTPS
- PKI information and X.509 certificate extensions
PGP
- PGP: Pretty Good Privacy
- OpenPGP
- Standard for PGP software
- GPG/GnuPG: GNU Privacy Guard
- Tool to use PGP
- GNU: GNU’s Not Unix
- Provides
- Authentication (using the Web of Trust - importing the receiver’s public key into the sender’s key ring)
- Confidentiality (using a combo of symmetric/conventional and asymmetric key cryptography)
- Used for signing, encrypting and decrypting e-mails, files, directories, disks, etc.
- It uses the decentralized ‘Web of Trust’ to verify the identity of users. (Key rings and graphs)
- Intro to PGP
- PGP and GPG difference
- PGP and the Web of Trust
- A Pretty Good Introduction to Pretty Good Privacy
- End-to-End Encryption in the Browser Impossible?
- OpenPGP, PGP, and GPG: What is the Difference?
- Security basics with GPG, OpenSSH, OpenSSL and Keybase
- Creating the Perfect GPG Keypair
- Does OpenPGP key expiration add to security?
- Very good answer for understanding expiry date shenanigans of subkeys and the secret (private) key, and about the revocation certificate.
- How To Use GPG to Encrypt and Sign Messages
- Digitally Signing and Encrypting Messages
- Guidelines for strong passwords
- Why should one not use the same asymmetric key for encryption as they do for signing?
- Exercise: Sending an Encrypted and Signed e-mail
Perfect Forward Secrecy
- PFS or FS: Perfect Forward Secrecy
- Wikipedia: Perfect Forward Secrecy
- Perfect Forward Secrecy (PFS) in TLS
- The Heartbleed Bug
- The Logjam TLS attack: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (weakdh.org)
- More about TLS
- Perfect Forward Secrecy (Forward Secrecy) is different from Post-Compromise Security (Backward Secrecy, Future Secrecy, Channel Healing).
Resources
- The start of the 2nd Crypto Wars: A history of backdoors
- Remarks on “Chat Control”
- Computerphile
- Christof Paar
- Eddie Woo
- Abhishek Sharma (Hindi)
- Gideon Samid (http://wesecure.net)
- Crypto 101
- Cryptology, Cryptography, and Cryptanalysis – Get your Vocabulary Straight!
- Why Johnny Can’t Encrypt
- How to Verify a Checksum on Windows (MD5 or SHA256)